Two Wheeled Wi-Fi Sniffing Robot

paulnuyu writes "ZDNet/MSN has an article about a robot that detects Wi-Fi vulnerabilities and intrusions. The two wheeled robot made by the Shmoo Group cruised around the DefCon convention in Vegas last Sunday, picking up telnet and POP passwords. Though still a prototype, the shipping version is projected to have autonomous steering capabilities."

Telnet and POP?

[mjmalone]

Currently, Holman said, the robot can sniff out passwords sent through protocols such as Telnet and POP

If anyone is still using plaintext to send passwords over their lan they are insane. I know there are a lot of stupid admins out there, but getting ssl and ssh installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.

Re:Telnet and POP?

[jc42]

If anyone is still using plaintext to send passwords over their lan they are insane.

Well, a lot of people don't have any choice. Our cable ISP here, for example, provided the usual email accounts, and for a lot of customers, that is their only email. If you use it, you have no choice other than POP, and I haven't seen anything in several mailers that talks about encrypting the passwords. Our ISP doesn't actually block port 25, so you could run your own mailer. This isn't feasible for most customers, though, for several reasons. One is the dynamic IP addresses and insane hostnames. I've fixed that by using one of the many independent registration services, but to most customers, that would be utterly baffling and unusable. Another problem is that running your own email server is in fact in violation of the TOS in the ISP's contract, and they can legally block your port(s) or kick you off entirely at any time, without warning or recourse.

So for most non-geek customers, unencrypted POP passwords are the only option. There's probably no way they could even learn from the ISP that there's a problem; they certainly wouldn't get (or understand) any advice on how to fix it.

(Myself, I use an account at a school. It has been stable and usable for over 15 years now, unlike commercial email accounts that force you to change your address every 6 months whenever there's a merger, buyout, or corporate renaming. And I can use a plain-text mail reader, eliminating all problems with virii, worms and the like. But I'm not sure I'd recommend this to the typical non-geek.)

Re:Telnet and POP?

[lavorgeous]

I agree -- most non-geeks shouldn't have to worry about such things (and likely don't even know that they might need to).

But DefCon isn't an average-joe situation -- I'm amazed that the attendees at a conference like DefCon wouldn't know better than to wander around a conference filled with other geeks surfing/mailing/etc over WiFi without at least using SSH.

Mmmhhh... thats nice

[neglige]

Now all it need is a way to create those WLAN grafittis. And a way to publish all found passwords on a web-page.

And while you're at it, give it the ability to create a map of the signal strenght, too...

Jalics.

There's this one guy in Akron who's building a robot. He has GPS on it. All it does is roll around, it's not exactly that great of a robot.

The thing is, I ask him all the time, "What does your robot do jalics?"

jalics: Right now the first thing it will just be a rover.
jalics: It'll have a webcam, gps, wifi.
jalics: So I can control it remotely.

jalics: To get accurate feedback on wheel position will be harder, but thats what I'm aiming for.

Now THIS

Is what Bond would use! Imagine him controlling this thing with a cell phone or something. He'd sniff around and get the bad guy's password, go to the hideout, kill the henchmen (and the usual: make stupid jokes and steal the villan's women).

WiFi Robot Wars.

[Moosifer]

Now all they need to do is add an axe or a hammer to it so that it can take out rogue access points.

Re:WiFi Robot Wars.

[stienman]

I'm sorry about your husband, Ma'am, but he was carrying an Ipaq on his person, and said Ipaq was running linux with its wireless card configured as an access point.

No Ma'am, we are certianly considering changing the flamethrower for a taser or EMP weapon of some sort. Of course we understand - closed casket funerals always raise curiosity. Yes, Ma'am, we'll be sure to do that. Thank you for understanding.

You get the next one Bob, and remember that it's IPAQ, not IRAQ. You got Mrs Fitz really worked up over that slip-up.

-Adam

Let me get this straight...

[inertia187]

Mass produced WiFi sniffing robots that pick up passwords are fine, RFID tags that keep people from stealing things under their clothes are bad. Ok, just so I understand.

Ok, what if these mass produced WiFi sniffing robots are get sold at WalMart? What then? You'll have a WiFi sniffing robot with a RFID tag. What a dilemma.

Use?

[Radon+Knight]

Could someone explain just why this is useful? Sounds like a terrible waste of robotics to me.

Re:Use?

[segment]

This could actually come in handy for the military industrial complex who will build it for pennies and sell it for millions... Actually think about it, the military could use it for real time war scenarios. tracking their own and the enemies soldiers, aircraft etc., as opposed to purchasing a tracking device for all soldiers, they could have one all inclusive roving machine which if shot at wouldn't have a widow or saddened family members.

Look at what the mil has done with the unmanned Predator drones, it could be used more or less under the same situations, to limit casualties and get into places where it would be too dangerous for soldiers. Or it could be a combo biometric machine for companies (say financial co.'s) to use. Perhaps it could be used for a nightly or daily audit to see which hosts on their machines are using insecure protocols

Perhaps script kiddies will be replaced?

[calebb]

Hmm: "script bots?" It really doesn't have the same ring though. When I hear 'script kiddie,' my blood pressure starts going up, but 'script bot...' Nah...

Not to mention the fact that you can reach 1e6 times more random systems from location X on AOL than what you from a corporate wifi network.

uh oh

[selderrr]

at 18:18 it went autonomous...

Two wheeled? Peshaw!

[fiftyvolts]

When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.

"What's that boy?"

"Arf! Arf!"

"JImmy's unsing unencrypted WiFi?"

Re:Two wheeled? Peshaw!

[Sanity]

When he mods an Aibo so that it actually sniffs around, barks, and then points retriever style to the offending WiFi source then I'll be impressed.

Actually not as crazy an idea as it sounds since Aibo can have a WiFi card.

Re:Two wheeled? Peshaw!

[frankmu]

how about modifying the aibo to pee on the wifi source instead?

Make it a standard

[segment]

With all these insecurities over protocols not using any form of SSL you would think companies after so much time would have made it a default issue to run these protocols securely. How hard would it be for the developers of BSD/Linux/*Nix to change the settings on this. Well actually someone should create a sort of "Trust" repository for sites that don't know how to set up SSL and the likes. (e.g. the millions of mom and pop shops on the net) and perhaps charge them for securing their data.

I know Verisign and others offer services like this often at a high rate but perhaps the initiative can be funded by governments participating in some W3 standard to secure transactions.

Bait, and false sense of security

[SuperBanana]

If anyone is still using plaintext to send passwords over their lan they are insane.

Did it occur to anyone that maybe those passwords were bait? No better way to catch a scriptkiddie than to make him think he's hit a goldmine. He runs home, logs into that honeypot, and the cops are on his doorstep the next day. Do not pass go, do not collect $200, 'd00d'.

I know there are a lot of stupid admins out there, but getting ssl and ssh installed should be a priority. Before you try and secure your wireless network segment you need to begin using secure protocols.

Just a sidenote, but POP itself isn't insecure auth-wise, and neither is telnet. POP3 supports APOP, which uses CRAM-MD5 to encode the password, and is rather secure. Telnet is installed on most linux systems now with kerberos support.

There's nothing particularly secure about SSL or SSH either- unless you've spent several hundred dollars on a cert(for SSL) signed by one of the major CAs, or you have your system with you, and you trust that cert. Walking up to a workstation and logging in to your webmail over https from your home box, when you see that "is this cert ok?" you really have no idea.

It's a little better for SSH- smart SSH users have a printout of their system's fingerprint so they can quickly compare the two, before clicking "yes"...but too many people just blindly click "Yes", and that's your greatest risk right there. Not to mention, that copy of putty on that innocent looking windows box could be trojaned by the last conference guest to use it...etc. etc.

Ultimately, the most secure method is having your own hardware that by mere physical availability can't be tampered with very easily. Your system already knows what SSH fingerprints to trust, it already knows what SSL certs are cool, there's no real danger of keylogging...oh, and you can set up a full-blown VPN connection so nobody can even tell what you're doing.

Re:Bait, and false sense of security

POP itself isn't insecure auth-wise, and neither is telnet

reader: Parse error in paragraph 4: Triple negative overflow. Giving up.

Another possible combination

[in7ane]

What about a robot that can sniff out RFID tags?

Oh, actually I think that was discussed already...

Coincidence

[Mars+Saxman]

I saw this robot in action Tuesday evening at the opening of the Dorkbot show at COCA here in Seattle. Only it wasn't running around looking for open access points, it was out in front of the DJ stage *dancing*. Someone had brought their daughter, who looked to be about four, and for a few minutes the kid and the wheely-bot were dancing. Quite a scene, though I didn't have my camera handy.

-Mars

huh??

[iamhassi]

wireless networks aren't carpets that need constant cleaning: they don't develop vulnerabilities over time. It's either secure or it's not. Once the network is secure you don't need to keep checking if the network is secure, so what's the point of a robot that constantly checks wireless security?

Laptops change that

[billstewart]

Sure, access points don't just pop up, and if they've been secured, they'll probably stay secure. And desktop computers are relatively stable. But people get new laptops all the time, and add WiFi cards to existing laptops (especially when they're adding wifi to their home networks), and laptops get their settings messed up all the time.